Limiting Risks in Corporate Wireless Networks

With wireless LANs cropping up on company grounds, network managers
need to batten down the 802.11 hatches. That means setting the stage
for wireless policies, to be implemented now as well as in the future.

Many experts think that wireless policies should start with a logical
separation between the wired enterprise network and 802.11 links.

“Employees using the wireless network should then be required to use a
VPN to gain access to the production network. That way, users will be
authenticated, so you’ll know who is connecting. Also, in-the-air
connection to the internal network, packets will be encrypted without
relying on WEP (Wireless Encryption Protocol),” says Jason Conyard,
director for wireless product management at Symantec.

“You need to protect all points of egress, or entry, on to the
network,” suggests Gregor Freund, CEO and co-founder of Zone Labs.

“Companies are already protecting entry points such as e-mail and
floppy disks. Now, wireless hubs are also becoming an entry point,”
agrees Bob Hansmann, enterprise product manager for Trend Micro.

Moreover, unless network managers take the right steps, laptops
connected to wireless LANs are much more vulnerable than PCs attached
to wired nets.

If companies decide they don’t want to risk wireless VPN access to
the production network, they can set up wireless proxy servers just
for e-mail and Web services, according to Hansmann.

Companies should also keep protocols on wireless LANs down to a bare
minimum, Conyard says. “You don’t want to be introducing any features
that you’re not going to be using. IPsec and DNS ought to be enough.”

In setting up wireless access points, network administrators should
enter the addresses of approved NIC cards. “The access point has a
central database. This will tell the access point which devices are
allowed to connect,” he adds.

Viruses can raise problems on wireless LANs, too. According to
Hansmann, wireless hubs should be protected behind a “virus wall,”
along with a firewall.

“A LAN connection is a LAN connection, whether it’s wired or not. The
operating system is what’s important. There are more than 50,000
viruses out there (that runs on Windows OS), and laptops are just as
prone to them as desktop PCs,” Conyard says.

Some think that, at a certain point, companies will need to extend
policies to Palm and Windows CE devices, as well as to other types of
wireless nets, such as Bluetooth.

“There’s been a lot of hype about PDA viruses,” Conyard
admits. “Wireless connectivity does exist for PDAs, but it’s always
done as an add-on, and it’s still pretty much a gimmick
today. Most use of 802.11 LANs today is still on laptops. I believe
though, that real threats will start to emerge in the future, after
(Palm and Windows CE) OS become more commonplace. It’s just a matter
of time.”

Late in the year 2000, virus writers released two trojan horses for
the Palm OS – Liberty and Vapor – plus a virus, Phage. The Palm
viruses didn’t do much damage, and viral outbreaks have yet to occur
on the Windows CE side. Microsoft, though, is reportedly considering
including macro functionality in the next edition of the OS.

Meanwhile, though, at least six anti-virus software makers have
released products for various PDA platforms, including Symantec,
McAfee, Trend Micro, F-Secure, and Computer Associates. Also,
Symantec’s desktop anti-virus package scans for nine different Palm
viruses when a Palm device is syncing up with a PC. Some other desktop
anti-virus products have introduced similar features.

“As true virus threats emerge, Symantec will also look to develop
software for other PDA platforms. I think it’s also reasonable to
assume that, as organizations begin to manage devices, we’ll start to
provide management from a single platform, the same way we already do
for desktop PCs,” says Symanetec’s Conyard.

Right now, though, purchase of wireless equipment is still being done
on an ad hoc basis in many companies. Software purchases are even more
random.

“Lots of companies have just a hodgepodge of products. They’re
actually paying a lot for them already, though. Employees are buying
Palms, and then expensing them, for example. Few companies, however,
have given much thought to the business reasons behind these
expenses. They’ve given even less thought to what applications will be
run,” according to Conyard.

Beyond establishing wireless policies, detection and user education
are also key. In many cases, companies may not even know that wireless
networks are up and running on their premises.

“If you’re operating a ‘rogue’ wireless LAN, it’s quite feasible for
someone to either stand outside your door with a laptop PC, or use
rented office space in your building, to tap right into your corporate
network. If confidential information does leak out, the company might
not ever find out what happened,” Conyard contends.

Network managers can use sniffer technology to determine the existence
of unauthorized wireless LANs. “You also need to educate employees
that they’re not going to get the same level of security with an
(unprotected) wireless network,” he adds.

Meanwhile, it can also be a good idea to standardize on a single
vendor for wireless LAN purchases, for financial clout as well as
greater compatibility. “First, this will give you more purchasing
power. Second, there are subtle differences in wireless LAN
equipment. Although nearly everything wireless today is
802.11-compliant, vendors are interpreting 802.11 in slightly
different ways,” Conyard notes.

Editor’s note: This story first appeared on Crossnodes, an internet.com site.

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020